closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
DETAILED ACTION



Continued Examination Under 37 CFR 1.114 



1. A request for continued examination ("RCE") under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application
is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR
1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn
pursuant to 37 CFR 1.114. Applicant's submission filed on 13 April 2009 has been entered.



2. This action is responsive to Applicants' above noted RCE and associated amendments 
received 13 April 2009. 

3. This action has been assigned paper number 20090705 for reference purposes only. 

4. Claims 1-22 are pending and have been examined. 



5. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 1-22 are rejected under 35 U.S.C. §112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

7. Claims 1 and 12 are rejected as being indefinite because the relationship between the
parts cannot be understood by one of ordinary skill in the art. Claim 1 recites, "defining a
point-of-use security perimeter" and "use of the digital asset outside of the security perimeter." If the
security perimeter is based on the point-of-use, how can the digital asset be used outside of the
perimeter? As presently presented, the client device appears to be both within and outside of the
security perimeter. Similar limitations are present in claim 12. Claim 12 is rejected under the
same basis.

8. The Examiner finds that because particular claims are rejected as being indefinite under
35 U.S.C. §112 2nd paragraph, it is impossible to properly construe claim scope at this time.
However, in accordance with MPEP §2173.06 and the USPTO's policy of trying to advance
prosecution by providing art rejections even though these claims are indefinite, the claims are
construed and the art is applied as much as practically possible.



Claim Rejections - 35 USC § 102

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for
patent by another filed in the United States before the invention by the applicant for patent, except that an
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language.

10. Claims 1-5, 7, 8, 10-13, 15, 16, 18, 19, 21, and 22, as understood by the Examiner, are
rejected under 35 U.S.C. § 102(e) as being anticipated by Carter et al. (US 2003/0051026)
("Carter").
11. As to claim 1, Carter shows:

An agent process for controlling access to digital assets in a network of data processing 
devices, the process comprising: 

defining a point-of-use security perimeter 114 that includes the operating system kernels 
of two or more data processing devices (protected servers, each server has an 
operating system and each operating system has a kernel inherently, Figure 1); 

defining one or more policy violation predicates (Paragraphs 0775-0783) that serve to 
implement policy logic and that are asserted at the point-of-use of a digital asset 
upon an occurrence of a possible risk of use, outside of the security perimeter of a 
digital asset by an end user (Paragraphs 0787-0791 and tables included within); 

sensing atomic events (listed after paragraph 0787) within an operating system kernel of 
a user client device ("workstation," Figure 1) (Paragraph 0810), the atomic events 
being low level kernel events and being sensed upon activities related to 
authorized access (Paragraph 0811) (through switch controlled by the Network
Surveillance and Security System, "NSSS" 18) to a digital asset (located on a 
protected server within group 114) by the end user of the user client device; 

aggregating multiple atomic level events to determine a combined event (Paragraph 
0435); and 

asserting a policy violation predicate upon an occurrence of a combined event that
violates a predefined digital asset usage policy that indicates a risk of use of the
digital asset outside (inherent because the workstation is outside of the secure
switch) of the security perimeter (Paragraph 0435).

12. As to claim 12, Carter shows:

A system for controlling access to digital assets in a network of data processing devices, 
the system comprising: 

a digital asset usage policy server 18 storing one or more digital asset usage policies
(Paragraphs 0787-0791 and tables included within) programmed to be applied to a
point-of-use security perimeter 114, the security perimeter comprising the 
operating system kernels of two or more data processing devices (protected 
servers, each server has an operating system and each operating system has a 
kernel inherently, Figure 1); 

an atomic event sensor (things sensed are listed after paragraph 0787, therefore there is 
inherently a sensor), the sensor located within an operating system kernel 
(Paragraph 0810) within an end user client device ("workstation," Figure 1) and 
programmed to sense atomic events from within the operating system kernel 
(Paragraph 0810), the atomic events being low level kernel events and being 
sensed by the sensor upon actions relating to of authorized access (Paragraph 
0811) (through switch controlled by the Network Surveillance and Security
System, "NSSS" 18) to one or more digital assets by an end user of the end user 
client device; 

an atomic level event aggregator (Paragraph 0435) programmed to determine the
occurrence of an aggregate event that comprises more than one atomic level asset
access event (Id.); and

a policy violation detector programmed to determine whether an aggregate event has
occurred that violates a predefined digital asset usage policy (Paragraph 0435) 
that indicates a risk of use of a digital asset outside the security perimeter 
(Paragraph 0224). 

13. As to claims 2 and 13, Carter further shows: 

the step of asserting the policy violation predicate is implemented in the operating system 
kernel of the client user device (Paragraphs 0810-0817).

14. As to claim 3, Carter further shows: 

preventing a user from accessing the digital asset if the policy predicate indicates 
a violated policy (Paragraph 1040). 

15. As to claims 4 and 15, Carter further shows: 

the preventing step includes an IRP intercept (Paragraph 0147, interrupt handler within 
the kernel). 

16. As to claims 5 and 16, Carter further shows: 

the combined event is a time sequence of multiple atomic level events (Paragraph 0224). 



17. As to claims 7 and 18, Carter further shows:

asserting multiple policy violation predicates (Paragraph 0435) prior to indicating a risk
of use of the digital asset outside of the security perimeter (Paragraph 0224). 

18. As to claims 8 and 19, Carter further shows: 

operates independently of application software (It is within the kernel, which is part of 
the Operating System, not the application software). 

19. As to claims 10 and 21, Carter further shows: 

the sensors, aggregators, and asserting steps operate in real time (Abstract, real time 
updating of the knowledge base requires that the sensors, aggregators, and 
asserting of predicates also operate in real time). 

20. As to claims 11 and 22, Carter further shows:

determining the identity of a particular file in the asset access event (Paragraph 0162, In 
order to access the remote file through the local file, the system needs to 
determine the identity of the remote file.). 



21. As to claim 14, Carter further shows:

the policy violation detector is programmed to determine a violated policy type (Shown
as classes of violations in the table following paragraph 0787).

Claim Rejections - 35 USC § 103

22. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



23. Claim 9, as understood by the Examiner, is rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Carter in view of Danieli (US 6,510,513). 

24. As to claim 9, Carter shows all of the elements of claim 1, but does not directly show the 
notification of the user that they have violated a policy. Danieli teaches "alerting a user of the 
client computer of the inappropriate use" (see claim 14). It would have been obvious to one of 
ordinary skill in the art at the time of the invention to modify the invention of Carter by adding 
the teachings of Danieli to make it known to the user that there was a violation, because the 
notification allows the user to know they have done something the system believes they should 
not, enabling them to justify their actions to a responsible party and possibly get the policy 
changed, if their actions were justified. 

25. Claims 6, 17, and 20, as understood by the Examiner, are rejected under 35 U.S.C. 
§ 103(a) as being unpatentable over Carter in view of Admitted Prior Art. 

26. As to claims 6, 17, and 20, Carter shows all of the elements except for the ability of the 
user to document their reason for the policy violation. It is considered admitted prior art that 
documenting the reason for an access is old and well known in the art. It therefore would have
been obvious to one of ordinary skill in the art at the time of the invention to modify the
invention of Carter to incorporate this functionality. The ability to document the reason at the 
time of the occurrence would provide for a record of what was done and why, saving the effort 
of finding the appropriate person to notify. 

27. Claims 1-5, 7, 8, 10-13, 15, 16, 18, 19, 21, and 22, as understood by the Examiner, are 
alternatively rejected under 35 USC 103(a) by Carter in view of Danieli. 

28. As to claims 1 and 12, the Examiner's primary position is that it is inherent in Carter that the
digital asset is used outside of the perimeter because the workstation using the asset is outside of 
the secure switch (Figure 1). However if not inherent, it is the Examiner's alternate position that 
Danieli clearly shows the process of securing a digital asset outside of the perimeter (Figure 6). 
Therefore, if not inherent, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to have modified the teachings of Carter to include the external security 
method of Danieli in order to extend the range of control over the digital assets past the security 
perimeter. 

29. As to claims 2 and 13, Carter further shows: 

the step of asserting the policy violation predicate is implemented in an operating system 
kernel of the client user device (element 1018, figure 10).



30. As to claim 3, Carter further shows:

preventing a user from accessing the digital asset if the policy predicate indicates
a violated policy (Paragraph 1040).

31. As to claims 4 and 15, Carter further shows:

the preventing step includes an IRP intercept (Paragraph 0147, interrupt handler within
the kernel).

32. As to claims 5 and 16, Carter further shows:

the combined event is a time sequence of multiple atomic level events (Paragraph 0224).

33. As to claims 7 and 18, Carter further shows:

asserting multiple policy violation predicates (Paragraph 0435) prior to indicating a risk
of use of the digital asset outside of the security perimeter (Paragraph 0224).

34. As to claims 8 and 19, Carter further shows:

operates independently of application software (It is within the kernel, which is part of
the Operating System, not the application software).

35. As to claims 10 and 21, Carter further shows:

the sensors, aggregators, and asserting steps operate in real time (Abstract, real time
updating of the knowledge base requires that the sensors, aggregators, and
asserting of predicates also operate in real time).

36. As to claims 11 and 22, Carter further shows:

determining the identity of a particular file in the asset access event (Paragraph 0162, In 
order to access the remote file through the local file, the system needs to 
determine the identity of the remote file.). 

37. As to claim 14, Carter further shows:

the policy violation detector determines a violated policy type (Shown as classes of 
violations in the table following paragraph 0787). 



Response to Arguments

38. Applicant's arguments filed 13 April 2009 have been fully considered but they are not
persuasive.

39. As noted above, Applicants' current amendments have caused the claims to be indefinite.
While particular arguments have been provided by Applicants, the indefinite nature of the claims
prevents the proper evaluation of how the arguments pertain to the claims. However, the
Examiner's position is that, if the issues associated with the rejections under 35 U.S.C. 112 2nd
paragraph are traversed, it is likely that the art rejections will also be traversed, with the potential
for allowance of the claims.

Conclusion

40. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JOSHUA MURDOUGH whose telephone number is (571)270-3270.
The Examiner can normally be reached on Monday - Thursday, 7:00 a.m. - 5:00 p.m.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's supervisor,
Andrew Fischer can be reached on (571) 272-6779. The fax phone number for the organization
where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Joshua Murdough 
Examiner, Art Unit 3621 

/ANDREW J. FISCHER/ 

Supervisory Patent Examiner, Art Unit 3621 



